

PSSA
SamErde committed Dec 11, 2024
1 parent 549544e commit a8187bd
Showing 2 changed files with 27 additions and 25 deletions.
38 changes: 20 additions & 18 deletions Active Directory/Domain Services/DNSZonesRemote.ps1
@@ -1,32 +1,35 @@
<#
.SYNOPSIS
Loop through a list of specified domain controllers, and then loop through all DNS Server zones on each domain controller to make desired changes.
Loop through a list of specified domain controllers, and then loop through all DNS Server zones on each domain
controller to make desired changes.
.DESCRIPTION
This script was written to change the Secondary Servers setting and the SecureSecondaries setting on all DNS zones on all DNS Servers (all domain controllers,
in our environment.) It provides an ideal way to adjust settings for one (or all) zones across every zone server, because some settings are stored individually
in each server's registry, and not completed replicated, even when the zone is AD-integrated.
This script was written to change the Secondary Servers setting and the SecureSecondaries setting on all DNS zones on
all DNS Servers (all domain controllers, in our environment.) It provides an ideal way to adjust settings for one (or
all) zones across every zone server, because some settings are stored individually in each server's registry, and not
completed replicated, even when the zone is AD-integrated.
Our servers actually havce Remote Registry access disabled, so the remote part of this script will not work, but the inner loop beginning with the collection
of zones ("$zones = Get-ChildItem ...") from the registry can be run manually on each DNS Server, still saving time and providing more accuracy than multiple
manual changes could.
Our servers actually have Remote Registry access disabled, so the remote part of this script will not work, but the
inner loop beginning with the collection of zones ("$zones = Get-ChildItem ...") from the registry can be run manually
on each DNS Server, still saving time and providing more accuracy than multiple manual changes could.
.NOTES
Be sure to test your changes first by using -WhatIf on the Set-ItemProperty cmdlets, and also by testing your changes manually with at least one zone. Check the
registry and the GUI after running your script, and note that changing some zone settings via the registry will require the DNS Server service to be restarted
in order for those changes to be read and take effect.
Be sure to test your changes first by using -WhatIf on the Set-ItemProperty cmdlets, and also by testing your changes
manually with at least one zone. Check the registry and the GUI after running your script, and note that changing some
zone settings via the registry will require the DNS Server service to be restarted in order for those changes to be read
and take effect.
#>

if ($session) { Remove-PSSession $session }

#Specify a list of DNS servers manually, or just get a list of all domain controllers in the domain.
#$servers = @("","","","","")
$servers = Get-ADDomainController -Filter * | Select-Object Hostname
$creds = Get-Credential
$Creds = Get-Credential
#Loop through each server in the list, opening a PowerShell remoting session, then show the name and status of the session. Skips (continue) to the next server if a connection fails.
foreach ($srv in $servers) {
$server = $srv.Hostname
$session = New-PSSession -ComputerName $server -Name $server -Credential $creds
$session = New-PSSession -ComputerName $server -Name $server -Credential $Creds
Try {
Write-Host -ForegroundColor Green "Connecting to $server... " -NoNewline
Enter-PSSession $session
@@ -39,17 +42,16 @@ foreach ($srv in $servers) {
$zones = Get-ChildItem -Path 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones\'

foreach ($zone in $zones) {
Write-Host -NoNewline -ForegroundColor Yellow `n`n 'Name: ' (Get-ItemProperty -PSPath $zone.PSPath).PSChildName
Write-Host -NoNewline `n 'SecondaryServers: ' (Get-ItemProperty -PSPath $zone.PSPath).SecondaryServers
Write-Host -NoNewline `n 'SecureSecondaries: ' (Get-ItemProperty -PSPath $zone.PSPath).SecureSecondaries `n
Write-Host "`n`n 'Name: ' (Get-ItemProperty -PSPath $zone.PSPath).PSChildName" -NoNewline -ForegroundColor Yellow
Write-Host "`n 'SecondaryServers: ' (Get-ItemProperty -PSPath $zone.PSPath).SecondaryServers" -NoNewline
Write-Host "`n 'SecureSecondaries: ' (Get-ItemProperty -PSPath $zone.PSPath).SecureSecondaries `n" -NoNewline

#Set-ItemProperty -PSPath $zone.PSPath -Name "SecondaryServers" -Value "" -Whatif
#Set-ItemProperty -PSPath $zone.PSPath -Name "SecureSecondaries" -Value "3" -Whatif
#Set-ItemProperty -PSPath $zone.PSPath -Name "SecondaryServers" -Value "" -WhatIf
#Set-ItemProperty -PSPath $zone.PSPath -Name "SecureSecondaries" -Value "3" -WhatIf
}

#Cleanup and then show the current PSSession state.
if ($session) { Exit-PSSession }
if ($session) { Remove-PSSession $session }
Write-Host -ForegroundColor DarkYellow $session.ComputerName $session.State `n`n -NoNewline

}
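Review bot: The three rewritten Write-Host lines in the `foreach ($zone in $zones)` loop no longer print the zone's values, because the `(Get-ItemProperty -PSPath $zone.PSPath)` call now sits inside a double-quoted string, where only `$zone` is expanded and the rest is emitted as literal text. An operator checking SecondaryServers and SecureSecondaries before enabling the commented Set-ItemProperty lines would see the command text instead of the current setting. Wrap each lookup in a subexpression, for example `$((Get-ItemProperty -PSPath $zone.PSPath).SecureSecondaries)`, and drop the inner single quotes around the labels, which are now printed as well. The enclosing `foreach ($srv in $servers)` loop runs across lines that are not shown between the two hunks.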
14 changes: 7 additions & 7 deletions Active Directory/Domain Services/Get-MissingADSubnets v2.ps1
@@ -157,17 +157,17 @@

$NumberOfIPs = ([System.Math]::Pow(2, $IntIPLength)) - 1

$IpStart = New-IPv4NetworkAddress $ObjInputAddress $BlockBytes $IPv4Mask
$IpStart = New-IPv4NetworkAddress -Address $ObjInputAddress -nbBytes $BlockBytes -IPv4Mask $IPv4Mask
$Obj | Add-Member -type NoteProperty -Name Subnet -Value "$($IpStart)/$($IPv4Mask)"
$Obj | Add-Member -type NoteProperty -Name IpStart -Value $IpStart

$ArrBytesIpStart = $IpStart.GetAddressBytes()
[array]::Reverse($ArrBytesIpStart)
$RangeStart = [system.bitconverter]::ToUInt32($ArrBytesIpStart, 0)
$RangeStart = [System.BitConverter]::ToUInt32($ArrBytesIpStart, 0)

$IpEnd = $RangeStart + $NumberOfIPs

if (($IpEnd.Gettype()).Name -ine 'double') {
if (($IpEnd.GetType()).Name -ine 'double') {
$IpEnd = [Convert]::ToDouble($IpEnd)
}

@@ -178,7 +178,7 @@

$ArrBytesIpEnd = $IpEnd.GetAddressBytes()
[array]::Reverse($ArrBytesIpEnd)
$Obj | Add-Member -type NoteProperty -Name RangeEnd -Value ([system.bitconverter]::ToUInt32($ArrBytesIpEnd, 0))
$Obj | Add-Member -type NoteProperty -Name RangeEnd -Value ([System.BitConverter]::ToUInt32($ArrBytesIpEnd, 0))

# return $Obj
$Obj
@@ -438,7 +438,7 @@
$SubnetObj = New-Object -TypeName PsObject

if ( $ObjIP.AddressFamily -match 'InterNetwork' ) {
$SubnetObj = New-IPv4 $SubnetObj $ObjIP $IPv4Mask
$SubnetObj = New-IPv4 -Obj $SubnetObj -ObjInputAddress $ObjIP -IPv4Mask $IPv4Mask
$SubnetObj | Add-Member -MemberType NoteProperty -Name Computer -Value $Entry.Computer
$ArrIPs += $SubnetObj
} # end if $ObjIP.AddressFamily -match 'InterNetwork'
@@ -482,7 +482,7 @@
$SubnetObj = New-Object -TypeName PsObject
$SubnetObj | Add-Member -type NoteProperty -Name Name -Value ([string] $Subnet.Properties['cn'])
$SubnetObj | Add-Member -type NoteProperty -Name Location -Value ([string] $Subnet.Properties['location'])
$SubnetObj | Add-Member -type NoteProperty -Name Site -Value ([string] $RegexCN.Match( $Subnet.Properties['siteobject']).Groups[1].Value)
$SubnetObj | Add-Member -type NoteProperty -Name Site -Value ([string] $RegexCN.Match( $Subnet.Properties['SiteObject']).Groups[1].Value)

$InputAddress = (($SubnetObj.Name).Split('/'))[0]
$ADSubnetPrefix = (($SubnetObj.Name).Split('/'))[1]
@@ -492,7 +492,7 @@

# Check if IP is a IPv4 (IPv6 not collected)
if ( $ObjInputAddress.AddressFamily -eq 'InterNetwork' ) {
$SubnetObj = New-IPv4 $SubnetObj $ObjInputAddress $ADSubnetPrefix
$SubnetObj = New-IPv4 -Obj $SubnetObj -ObjInputAddress $ObjInputAddress -IPv4Mask $ADSubnetPrefix
$SubnetsArray += $SubnetObj
} # end if $ObjInputAddress.AddressFamily -eq 'InterNetwork'
} # end foreach $Subnet
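Review bot: The key change from `['siteobject']` to `['SiteObject']` on the `Add-Member ... -Name Site` line alters a runtime lookup string rather than style, unlike the other edits in this file. Whether it is harmless depends on the type of `$Subnet.Properties`, which is assigned outside the hunk; if that collection matches keys case-sensitively, Site would come back empty without raising an error. Confirm the lookup still returns the site CN, or keep the original key. To a lesser degree the same applies to the new named arguments (`-Address`, `-nbBytes`, `-Obj`, `-ObjInputAddress`, `-IPv4Mask`): the param blocks of New-IPv4NetworkAddress and New-IPv4 are not visible here, so a mismatched name would only surface at run time.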

0 comments on commit a8187bd
